Looking for an introduction to AI for security professionals?
Your wait is over. A new book is out from the Cylance data science team, covering artificial intelligence and machine learning techniques in practical situations to improve the security professional’s ability to thrive in a data driven world. Whether you are reviewing logs or analyzing malware, being able to derive meaningful results and improve productivity is key. Order your free copy today.
November 28, 2017.
By The CyberWire Staff
ISIS, effectively ejected from territory it once controlled, appears to be entering its long-anticipated diaspora phase, which informed observers expect to be marked by more focus on cyberspace. For the foreseeable future, this is held by most to mean increased attempts at online inspiration.
Criminals continue their attempts on cryptocurrencies. SentinelOne announces discovery of a new cryptocurrency mining Trojan, "OSX.CpuMeaner," that targets Macs.
Google's latest sweep through Google Play turns up several apps equipped with the Tizi backdoor. Tizi has typically been used to install spyware on target devices.
There are other concerns about Android security and, especially, privacy. A study by Yale University concludes that about three-quarters of Android apps come with third-party tools that track users' activity.
Forcepoint warns of a massive spam campaign that's distributing Scarab ransomware. Ransomware is enjoying a burgeoning demand in the black-market souks. Carbon Black has reported a 2500% rise in ransomware sales since last year. Ransomware is also growing more targeted, more difficult to detect.
No one seems to be buying the whistling in the dark Uber did before its recent shake-up and breach disclosure. It strikes most observers as unlikely in the extreme that the criminals who hacked the ride service actually destroyed the data they stole.
The US has indicted three Chinese nationals for theft of intellectual property. They work or worked for the Guangzhou Bo Yu Information Technology Company; the US thinks the firm is an espionage operation.
Whether you're focused on IT or national security, exploits and data loss incidents put your mission at risk. Your current tools assess and analyze content after it's breached your network - they all work right of boom. It's only a matter of time until boom happens to you. Don't let it. getleftofboom.com
Cyber Security Summit: Los Angeles(Los Angeles, California, USA, November 29, 2017) Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security on November 29 in Los Angeles. Register with promo code cyberwire50 for half off your admission (Regular price $350).
Earn a master’s degree in cybersecurity from SANS(Online, December 21, 2017) Earn a master’s degree in cybersecurity from SANS, the world leader in information security training. Learn more at a free online information session on Thursday, December 21st, at 12:00pm noon ET. For complete information on master’s degree and graduate certificate programs, visit www.sans.edu.
The 10 Wildest Ways Hackers Steal Data(Top10VPN.com) Our infographic reveals the unexpected ways that hackers steal data. It's not just your laptop and smartphone, even your morning cup of coffee isn't safe.
Security firm Bkav: Face ID not secure enough for business transactions(Phone Arena) You might recall that earlier this month, we told you that Vietnamese security firm Bkav had invented a mask that apparently defeated the Apple iPhone X's Face ID. The company has reached out to us this morning to tell us that it has invented a new mask that will allow twins to defeat Apple's facial recognition system. And with that, comes a warning.
The Looming War of Good AI vs. Bad AI(Dark Reading) The rise of artificial intelligence, machine learning, hivenets, and next-generation morphic malware is leading to an arms race that enterprises must prepare for now.
What Developers Need to Know about the State of Software Security Today(Veracode) Developers are constantly thrown under the bus when it comes to appsec woes, but it's time to put the “lazy developer trope” to bed. Devs do care about security- Veracode recently found that developers rarely try to rig the system by rejecting findings as false positives or as mitigated by design. In the last year, devs documented mitigations for just 14.4% of all the flaws found by Veracode’s platform.
Soaring Cost of Cyber Attacks Raises Concerns for Boston Healthcare Industry(BostInno) According to a new report from the Ponemon Institute, the cost and frequency of cyber attacks is on the rise — and one industry, in particular, is getting hit especially hard. Healthcare institutions are expected to lose $1.3 billion to cyber attacks in 2017 alone, and with some of the top hospitals in the country located here in Boston, that brings the threat and potential economic impact of cyber attacks even closer to home.
Barracuda reeled in by Thoma Bravo(CRN) UK's sole Premier partner anticipates a faster Barracuda under private equity ownership,Finance and M&A ,Barracuda,Thoma Bravo,Altinet
Trend Micro Buys Immunio(Dark Reading) The acquisition is aimed at balancing the speed of DevOps with application security.
Akamai Completes Acquisition of Nominum(Multichannel News) Akamai Technologies, Inc. (NASDAQ: AKAM) today announced the company has completed its acquisition of Nominum, a provider of DNS-based security solutions supporting many of the world’s leading carriers.
John McAfee Joins Advisory Board of Hacken(Business Insider) Hacken, the first custom-tailored decentralized token for cybersecurity professionals, announces John McAfee, a legend in the IT and cybersecurity fields, joining as an advisor to the Hacken Ecosystem, where he joins advisor Krowd Mentor and partner TaaS Fund.
ERPScan releases AI-driven SAP cybersecurity platform(Inside SAP) A new platform from cybersecurity research firm ERPScan uses machine and deep learning to cover all aspects of SAP security – predictive, preventive, detective and responsive capabilities – in a single solution.
GDPR is not an IT project, warns expert panel(Computing) Erik Vynckier, board member of Firesters Friendly Society and Paul Edmunds, head of technology at the National Crime Agency explains how they're preparing for the upcoming GDPR
Opinion: Pakistan's ignominious surrender to Islamists(Deutsche Welle) November 27 will be remembered as a "black day" in Pakistan – a day when religious hardliners forced the entire state to surrender over a blasphemy row. And the military sided with Islamists, writes DW's Shamil Shams.
Senators introduce revenge prn bill(TechCrunch) Senators Kamala D. Harris (D-CA), Richard Burr (R-NC) and Amy Klobuchar (D-MN), as well as Rep. Jackie Speier introduced a bill today to address revenge prn...
US charges 3 Chinese nationals with hacking(CNN) The Justice Department on Monday unsealed an indictment against three Chinese nationals in connection with cyberhacks and the alleged theft of intellectual property of three companies, according to US officials briefed on the investigation.
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
INFILTRATE(Miami Beach, Florida, USA, April 26 - 27, 2018) INFILTRATE is a "pure offense" security conference aimed at the experienced to advanced practitioner. With the late-90s hacker con as its inspiration, the event has limited attendance in order to foster...
CyberCon 2017: Beyond Cybersecurity(Pentagon City, Virginia, USA, November 28, 2017) The cyber front is about more than just security. Defending in cyberspace takes a holistic approach, encompassing technology, policy and people. That’s why we’re bringing together military, intelligence...
INsecurity(National Harbor, Maryland, USA, November 29 - 30, 2017) Organized by Dark Reading, the web’s most trusted online community for the exchange of information about cybersecurity issues. INsecurity focuses on the everyday practices of the IT security department,...
INsecurity(National Harbor, Maryland, USA, November 29 - 30, 2017) INsecurity is for the defenders of enterprise security—those defending corporate networks—and offers real-world case studies, peer sharing and practical, actionable content for IT professionals grappling...
Cyber Security, Oil, Gas & Power 2017(London, England, UK, November 29 - 30, 2017) ACI’s Cyber Security - Oil, Gas, Power Conference will bring together key stakeholders from energy majors and technology industries, to discuss the challenges and opportunities found in the current systems.
Cyber Security Summit Los Angeles(Los Angeles, California, USA, November 30, 2017) If you are a Senior Level Executive responsible for making your company’s decisions in regards to information security, then you are invited to register for the Cyber Security Summit: Los Angeles. Receive...
cyberSecure(New York, New York, USA, December 4 - 5, 2017) cyberSecure is a unique cross-industry conference that moves beyond the technology of cyber risk management, data security and privacy. It brings together corporate leaders from multiple function areas...
cyberSecure(New York, New York, USA, December 4 - 5, 2017) cyberSecure is a unique cross-industry conference that moves beyond the technology of cyber risk management, data security and privacy. Unlike other cybersecurity events, cyberSecure brings together corporate...
Hackers Challenge(New York, New York, USA, December 6, 2017) Welcome to the Hackers Challenge - a must-attend event for IT security professionals across all industries. Radware and Cisco invite experienced hackers to attack the cyber-defense of a website within...
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.
Be a part of the CyberWire story.
People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.